b'\x0c\x0c                                      A MESSAGE FROM THE\n                                       INSPECTOR GENERAL\nI am pleased to present this Semiannual Report to Congress on the\nactivities and accomplishments of the Nuclear Regulatory Commission\n(NRC) Office of the Inspector General (OIG) from October 1, 2007, to\nMarch 31, 2008.\n\nOur work reflects the legislative mandate of the Inspector General Act\nwhich is to identify and prevent fraud, waste, and abuse through the con-\nduct of audits and investigations relating to NRC programs and operations.\nThe audits and investigations highlighted in this report demonstrate our\ncommitment to ensuring integrity and efficiency in NRC\xe2\x80\x99s programs and\noperations.\n\nDuring this semiannual reporting period, we issued 9 program audit reports and analyzed\n2 contract audit reports. As a result of this work, OIG made recommendations to improve the\neffective and efficient operation of NRC\xe2\x80\x99s safety, security, and corporate management programs.\nOIG also opened 35 investigations, and completed 29 cases. Seven of the open cases were referred\nto the Department of Justice, and 18 allegations were referred to NRC management for action.\n\nI would like to acknowledge our auditors, investigators, and support staff for their superior work\nand commitment to the mission of our office. I also want to congratulate the members of my audit\nstaff who recently received the \xe2\x80\x9cAward for Excellence in Audit\xe2\x80\x9d issued by the President\xe2\x80\x99s Council on\nIntegrity and Efficiency. This award was received for their noteworthy work in identifying weak-\nnesses and recommending enhancements to the program used by NRC to evaluate the performance\nof nuclear power plants security efforts.\n\nFinally, the success of the NRC OIG would not be possible without the collaborative work between\nmy staff and agency managers to address OIG findings and implement the recommendations made\nby my office. I wish to thank them for their dedication and support, and look forward to their con-\ntinued cooperation as we work together to ensure the integrity of agency operations.\n\n\n\n\nHubert T. Bell\nInspector General\n\n\n\n\n                                                                                                 i\n                                                                   October 1, 2007 \xe2\x80\x93 March 31, 2008\n\x0cii\nNRC OIG Semiannual Report\n\x0c                                                                                                CONTENTS\nHighlights ...................................................................................................................v\nOIG Organization and Activities . ..........................................................................1\n\t     NRC\xe2\x80\x99s Mission .....................................................................................................1\n\t     OIG Mission and Strategies ...............................................................................2\n\t\t          Inspector General History ...........................................................................2\n\t\t          OIG Mission ..................................................................................................2\n\t\t          Audit Program ...............................................................................................3\n\t\t          Investigative Program ...................................................................................4\n\t     OIG General Counsel Activities . ......................................................................6\n\t\t          Regulatory Review ........................................................................................6\n\t     Special Feature Article.........................................................................................7\n\t\t          Follow-up to Report on NRC\xe2\x80\x99s Oversight of\n\t\t          Byproduct Materials.......................................................................................7\n\t     Other Activities.....................................................................................................9\n\t\t          NRC OIG Receives PCIE Award for Excellence........................................9\nAudits .......................................................................................................................11\n\t     Audit Summaries . .............................................................................................11\n\t     Audits In Progress .............................................................................................17\nInvestigations ...........................................................................................................20\n\t     Investigative Case Summaries .........................................................................20\nStatistical Summary of OIG Accomplishments .................................................26\n\t     Investigative Statistics .......................................................................................26\n\t     Audit Listings . ...................................................................................................28\n\t     Audit Resolution Activities ..............................................................................30\nAbbreviations and Acronyms . ..............................................................................34\nReporting Requirements . ......................................................................................35\n\n\n\n\n                                                                                                                                   iii\n                                                                                            October 1, 2007 \xe2\x80\x93 March 31, 2008\n\x0civ\nNRC OIG Semiannual Report\n\x0c                                                                       HIGHLIGHTS\nThe following two sections highlight selected audits and investigations completed\nduring this reporting period. More detailed summaries appear in subsequent\nsections of this report.\n\nAUDITS\n\xe2\x80\xa2\t The Chief Financial Officers Act requires OIG to annually audit NRC\xe2\x80\x99s\n   principal financial statements. An independent public accounting firm\n   conducted the audit with OIG oversight.\n\xe2\x80\xa2\t Alternative Dispute Resolution (ADR) is a term that refers to a number of\n   processes, such as mediation, which can be used to resolve disputes between\n   parties. Through the Office of Enforcement, NRC developed a pilot program\n   to evaluate whether the use of ADR could provide greater flexibility in the\n   enforcement process, more timely and economical resolution of issues, more\n   effective outcomes, and improved relationships. OIG audited this program to\n   determine if the enforcement-related ADR program is complete and ready for\n   full implementation. In addition, OIG audited a contract for ADR services\n   to determine if it had appropriate internal controls.\n\xe2\x80\xa2\t Cybersecurity refers to the branch of security that protects information tech-\n   nology (IT) infrastructure. IT infrastructure encompasses not only the public\n   internet, but also the less visible systems and connections of the Nation\xe2\x80\x99s critical\n   infrastructures, such as nuclear power plants and electric power distribution\n   grids. Cyber attacks can temporarily disrupt computer networks, or more\n   seriously, cause failure of public services. The objective of this audit was to\n   determine how upcoming changes to NRC\xe2\x80\x99s cybersecurity oversight processes\n   might impact the agency\xe2\x80\x99s oversight at licensee facilities.\n\xe2\x80\xa2\t Licensees take various measures to ensure that their security officers are\n   mentally and physically fit, professionally competent, and sufficiently trust-\n   worthy to carry out their duties at nuclear power plants. NRC exercises\n   oversight of licensees\xe2\x80\x99 security officers primarily through the Reactor Over-\n   sight Process\xe2\x80\x99s physical protection cornerstone. OIG audited this program to\n   assess NRC\xe2\x80\x99s oversight of security officers employed by licensees to protect\n   nuclear power plants.\n\xe2\x80\xa2\t NRC regulates the maximum power level at which a commercial nuclear\n   power plant may operate. The process of increasing the maximum power\n   level at which a plant may operate is called a power uprate. Licensees seek\n\n                                                                                                     v\n                                                                         October 1, 2007 \xe2\x80\x93 March 31, 2008\n\x0c                      permission to perform a power uprate by submitting a license application\n                      amendment to NRC. Since 1977, NRC has approved 118 power uprates and\n                      anticipates as many as 24 power uprate applications during the next 5 years.\n                      The objective of this audit was to examine the process for reviewing and ap-\n                      proving power uprate amendment applications.\n\n                   INVESTIGATIONS\n                   \xe2\x80\xa2\t OIG completed a special inquiry in response to concerns pertaining to\n                      Hemyc fire barriers. Hemyc is a fire barrier that has been installed in\n                      operating nuclear power plants since the 1980s and is currently installed\n                      at 15 nuclear reactors in the United States. Concerns focused on Hemyc\xe2\x80\x99s\n                      failure to provide the level of protection expected for a 1-hour rated fire\n                      barrier during confirmatory testing sponsored by NRC in 2005. Additional\n                      concerns pertained to whether NRC staff were aware of problems with Hemyc\n                      prior to 2005, even as far back as 1994, and whether the staff acted to address\n                      these problems.\n                   \xe2\x80\xa2\t OIG completed an investigation into the misuse of the NRC e-mail system by\n                      an NRC contractor employee who placed a software monitoring program on\n                      a privately-owned computer so that he could monitor, via his NRC computer,\n                      the other computer\xe2\x80\x99s e-mail and web-browsing activity.\n                   \xe2\x80\xa2\t OIG conducted an investigation into whether an NRC staff member was\n                      pressured by NRC management to change his written testimony to the NRC\n                      Atomic Safety Licensing Board Panel that concluded the steel containment\n                      liner at Oyster Creek Nuclear Generating Station was structurally sufficient\n                      and met regulatory standards.\n                   \xe2\x80\xa2\t OIG conducted an investigation concerning incorrect deductions that were\n                      taken from the agency\xe2\x80\x99s payments to an NRC contractor.\n                   \xe2\x80\xa2\t OIG completed an investigation pertaining to NRC\xe2\x80\x99s involvement in an im-\n                      proper settlement agreement between a whistleblower and an NRC nuclear\n                      power plant licensee and the related understanding of the ADR process by\n                      agency offices.\n\n\n\n\nvi\nNRC OIG Semiannual Report\n\x0c   OIG ORGANIZATION AND ACTIVITIES\nNRC\xe2\x80\x99S MISSION\nThe U.S. Nuclear Regulatory Commission (NRC) was formed in 1975 to regulate\nthe various commercial and institutional uses of nuclear materials by the Energy\nReorganization Act of 1974. The agency succeeded the Atomic Energy Com-\nmission, which previously had responsibility for both developing and regulating\nnuclear activities.\n\nNRC\xe2\x80\x99s mission is to regulate the Nation\xe2\x80\x99s civilian use of byproduct, source, and\nspecial nuclear materials to ensure adequate protection of public health and safety,\npromote the common defense and security, and\nprotect the environment. NRC\xe2\x80\x99s regulatory mis-\nsion covers three main areas:\n\nReactors - Commercial reactors for generating\nelectric power and research and test reactors\nused for research, testing, and training.\n\nMaterials - Uses of nuclear materials in medical,\nindustrial, and academic settings and facilities\nthat produce nuclear fuel.\n\nWaste - Transportation, storage, and disposal\nof nuclear materials and waste, and decommis-        NRC Headquarters, Rockville, MD.\nsioning of nuclear facilities from service.\n\nUnder its responsibility to protect public health and safety, NRC has three principal\nregulatory functions: (1) establish standards and regulations, (2) issue licenses\nfor nuclear facilities and users of nuclear materials, and (3) inspect facilities and\nusers of nuclear materials to ensure compliance with the requirements. These\nregulatory functions relate to both nuclear power plants and other uses of nuclear\nmaterials \xe2\x80\x93 like nuclear medicine programs at hospitals, academic activities at\neducational institutions, research work, and such industrial applications as gauges\nand testing equipment.\n\nNRC places a high priority on keeping the public informed of its work. The\nagency maintains a current Web site and a public document room in Rockville,\n\n                                                                                                  1\n                                                                       October 1, 2007 \xe2\x80\x93 March 31, 2008\n\x0c                   Maryland (NRC headquarters) and holds public hearings, public meetings in local\n                   areas and at NRC offices, and discussions with individuals and organizations.\n\n                   OIG MISSION AND STRATEGIES\n                   Inspector General History\n\n                   In the 1970s, Government scandals, oil shortages and stories of corruption covered\n                   by newspapers, television, and radio stations took a toll on the American public\xe2\x80\x99s\n                   faith in its Government. The U.S. Congress knew it had to take action to restore\n                   the public\xe2\x80\x99s trust. It had to increase oversight of Federal programs and opera-\n                   tions. It had to create a mechanism to evaluate the effectiveness of Government\n                   programs. Also, it had to provide an independent voice for economy, efficiency\n                   and effectiveness within the Federal Government that would earn and maintain\n                   the trust of the American people.\n\n                   In response, President Jimmy Carter in 1978 signed into law the landmark legisla-\n                   tion known as the Inspector General Act (IG Act). The IG Act created independent\n                   Inspectors General (IGs), who would: protect the integrity of Government; im-\n                   prove program efficiency and effectiveness; prevent and detect fraud, waste and\n                   abuse in Federal agencies; and keep agency heads, Congress, and the American\n                   people fully and currently informed of the findings of the IGs\xe2\x80\x99 work.\n\n                   Almost 30 years later, the IG concept is a proven success. The IGs continue to\n                   deliver significant benefits to our Nation. Thanks to IG audits and inspections,\n                   billions of dollars have been returned to the Federal Government or have been\n                   better spent based on recommendations identified through those audits and in-\n                   spections. IG investigations have also contributed to the prosecution of thousands\n                   of wrongdoers. In addition, the IG concept of good governance, accountability\n                   and monetary recoveries encourages foreign governments to seek our advice, with\n                   the goal of replicating the basic IG principles in their own governments.\n\n                   OIG Mission\n\n                   NRC\xe2\x80\x99s OIG was established as a statutory entity on April 15, 1989, in accordance\n                   with the 1988 amendment to the IG Act. NRC OIG\xe2\x80\x99s mission is to (1) indepen-\n                   dently and objectively conduct and supervise audits and investigations relating\n                   to NRC programs and operations; (2) prevent and detect fraud, waste, and abuse;\n\n2\nNRC OIG Semiannual Report\n\x0cand (3) promote economy, efficiency, and effectiveness in NRC programs and\noperations.\n\nOIG is committed to ensuring the integrity of NRC programs and operations.\nDeveloping an effective planning strategy is a critical aspect of accomplishing\nthis commitment. Such planning ensures that audit and investigative resources\nare used effectively. To that end, OIG developed a Strategic Plan that includes\nthe major challenges and critical risk areas facing NRC.\n\nThe plan identifies the priorities of OIG and establishes a shared set of expecta-\ntions regarding the goals OIG expects to achieve and the strategies that will be\nemployed to do so. OIG\xe2\x80\x99s Strategic Plan features three goals which generally align\nwith NRC\xe2\x80\x99s mission and goals:\n\n1.\t Advance NRC\xe2\x80\x99s efforts to enhance safety and protect the environment.\n\n2.\t Enhance NRC\xe2\x80\x99s efforts to increase security in response to the current threat\n    environment.\n\n3.\t Improve the economy, efficiency, and effectiveness of NRC corporate\n    management.\n\nAudit Program\n\nThe OIG Audit Program covers the management and financial operations, econ-\nomy or efficiency with which an organization, program, or function is managed\nand program results achieved. For this program, auditors assess the degree to\nwhich an organization complies with laws, regulations, and the internal poli-\ncies in carrying out programs, and they test program effectiveness as well as the\nreasonableness and reliability of financial statements. The overall objective of\nan audit is to identify ways to enhance agency operations and promote greater\neconomy and efficiency. Audits comprise four phases:\n\n\xe2\x80\xa2\t Survey phase - An initial phase of the audit process is usually to gather infor-\n   mation, without detailed verification, on the agency\xe2\x80\x99s organization, programs,\n   activities, and functions. An assessment of vulnerable areas determines whether\n   further review is needed.\n\n\n\n                                                                                                3\n                                                                     October 1, 2007 \xe2\x80\x93 March 31, 2008\n\x0c                   \xe2\x80\xa2\t Verification phase - Detailed information is obtained to verify findings and\n                      support conclusions and recommendations.\n\n                   \xe2\x80\xa2\t Reporting phase - The auditors present the information, findings, conclusions,\n                      and recommendations that are supported by the evidence gathered during the\n                      survey and verification phases. Exit conferences are held with management\n                      officials to obtain their views on the issues in the report. Comments from the\n                      exit conferences are presented in the published audit report, as appropriate.\n                      Formal written comments are included in their entirety as an appendix in\n                      the published audit report.\n\n                   \xe2\x80\xa2\t Resolution phase - Positive change results from the resolution process in\n                      which management takes action to improve operations based on the recom-\n                      mendations in the published audit report. Management actions are monitored\n                      until final action is taken on all recommendations. When management and\n                      OIG cannot agree on the actions needed to correct a problem identified in an\n                      audit report, the issue can be taken to the NRC Chairman for resolution.\n\n                   Each September, OIG issues an Annual Plan that summarizes the audits planned\n                   for the coming Fiscal Year (FY). Unanticipated high priority issues may arise that\n                   generate audits not listed in the Annual Plan. OIG audit staff continually monitor\n                   specific issues areas to strengthen OIG\xe2\x80\x99s internal coordination and overall planning\n                   process. Under the OIG Issue Area Monitor (IAM) program, staff designated as\n                   IAMs are assigned responsibility for keeping abreast of major agency programs\n                   and activities. The broad IAM areas address nuclear reactors, nuclear materials,\n                   nuclear waste, international programs, security, information management, and\n                   financial management and administrative programs.\n\n                   Investigative Program\n\n                   OIG\xe2\x80\x99s responsibility for detecting and preventing fraud, waste, and abuse within\n                   NRC includes investigating possible violations of criminal statutes relating to\n                   NRC programs and activities, investigating misconduct by NRC employees, in-\n                   terfacing with the Department of Justice on OIG-related criminal matters, and\n                   coordinating investigations and other OIG initiatives with Federal, State, and\n                   local investigative agencies and other OIGs. Investigations may be initiated as a\n                   result of allegations or referrals from private citizens; licensee employees; NRC\n                   employees; Congress; other Federal, State, and local law enforcement agencies;\n\n4\nNRC OIG Semiannual Report\n\x0cOIG audits; the OIG Hotline; and IG initiatives directed at areas bearing a high\npotential for fraud, waste, and abuse.\n\nBecause NRC\xe2\x80\x99s mission is to protect the health and safety of the public, one of the\nInvestigation unit\xe2\x80\x99s main focus and use of resources is investigations of alleged\nconduct by NRC staff that could adversely impact the agency\xe2\x80\x99s handling of matters\nrelated to health and safety. These investigations may include allegations of:\n\n\xe2\x80\xa2\t Misconduct by high ranking NRC officials and other NRC officials, such as man-\n   agers and inspectors, whose positions directly impact public health and safety.\n\n\xe2\x80\xa2\t Failure by NRC management to ensure that health and safety matters are\n   appropriately addressed.\n\n\xe2\x80\xa2\t Failure by NRC to appropriately transact nuclear regulation publicly and can-\n   didly and to openly seek and consider the public\xe2\x80\x99s input during the regulatory\n   process.\n\n\xe2\x80\xa2\t Conflict of interest by NRC employees with NRC contractors and licensees\n   involving such matters as promises of future employment for favorable or\n   inappropriate treatment and the acceptance of gratuities.\n\n\xe2\x80\xa2\t Fraud in the NRC procurement program involving contractors violating\n   Government contracting laws and rules.\n\nOIG has also implemented a series of proactive initiatives designed to identify\nspecific high-risk areas that are most vulnerable to fraud, waste, and abuse. A\nprimary focus is electronic-related fraud in the business environment. OIG is\ncommitted to improving the security of this constantly changing electronic busi-\nness environment by investigating unauthorized intrusions and computer-related\nfraud, and by conducting computer forensic examinations. Other proactive ini-\ntiatives focus on determining instances of procurement fraud, theft of property,\nGovernment credit card abuse, and fraud in Federal programs.\n\n\n\n\n                                                                                                5\n                                                                     October 1, 2007 \xe2\x80\x93 March 31, 2008\n\x0c                   OIG GENERAL COUNSEL ACTIVITIES\n                   Regulatory Review\n\n                   Pursuant to the Inspector General Act, 5 U.S.C. App. 3, Section 4(a)(2), OIG reviews\n                   existing and proposed legislation, regulations, policy, and implementing Manage-\n                   ment Directives, and makes recommendations to the agency concerning their\n                   impact on the economy and efficiency of agency programs and operations.\n\n                   From October 1, 2007, through March 31, 2008, OIG reviewed more than 250\n                   agency documents, including approximately 160 Commission papers (SECYs),\n                   Staff Requirements Memoranda, and 75 Federal Register Notices, regulatory\n                   actions, and statutes.\n\n                   To effectively track the agency\xe2\x80\x99s response to OIG regulatory review comments,\n                   this office requests written replies within 90 days with either a substantive reply\n                   or status of issues raised by OIG.\n\n                   During this reporting period, four significant comments were provided to the\n                   agency and are summarized below. In each case, the agency replied with respon-\n                   sive comments.\n\n                   \t   The agency proposed a rule, \xe2\x80\x9cExpansion of the National Source Tracking\n                       System.\xe2\x80\x9d (The purpose of the system is to track certain sealed radioactive\n                       sources which would require licensees to report information on the manu-\n                       facture, transfer, receipt, or disposal of these sources.) The National Source\n                       Tracking System was the subject of two recent OIG audits. Outstanding issues\n                       identified in those audits were not resolved at the time the rule was proposed.\n                       These include receipt of recommendations for appropriate tracking levels and\n                       quantities of radioactive materials and the need for a framework for evaluat-\n                       ing options and alternatives to adequately address security. As a result, OIG\n                       related that the timing of the rule was potentially premature. The agency\n                       response advised that initiation of the rule was deemed prudent in the over-\n                       all context of this health and safety issue, and that flexibility in the processes\n                       and software systems contemplated would allow for inclusion of additional\n                       sources as a separate matter. Further, security concerns were considered as an\n                       initial consideration for later analysis, and the timing of the rulemaking was\n                       a logical fit with the increased controls evident in the Agreement States.\n\n6\nNRC OIG Semiannual Report\n\x0c\t   Draft Management Directive 8.14, \xe2\x80\x9cAgency Action Review Meeting,\xe2\x80\x9d ad-\n    dressed the major issues related to the NRC\xe2\x80\x99s practice for its senior managers\n    to conduct an annual Agency Action Review Meeting. This meeting includes\n    an overview of the performance of operating reactors, fuel cycle and other\n    materials licensees, industry trends, and the effectiveness of NRC\xe2\x80\x99s oversight\n    process. The clarifications to the draft directive suggested by OIG were minor,\n    and the agency advised that, after delay to allow for development of more\n    specific criteria, a subsequent draft will be provided for review.\n\n\t   OIG reviewed a proposed \xe2\x80\x9cNo Fear Act\xe2\x80\x9d training module which, as devel-\n    oped, provided comprehensive discussion on the most important aspects\n    of this topic. Besides suggesting that specific examples of relevant conduct\n    be avoided, OIG also suggested inclusion of the whistleblower protection\n    section of the Inspector General Act, and elimination of superfluous infor-\n    mation. The agency adopted the OIG comments in the final version of the\n    training module.\n\n\t   In addition, OIG provided substantive suggestions to the agency Annual Eth-\n    ics Training syllabus. Tied to weaknesses identified in a recent investigation,\n    OIG suggested emphasis and focus on the\n    need for explicit directions to employees seek-\n    ing employment in the private sector. The\n    additional detail in this part of the training\n    syllabus created a more robust annual ethics training\n    by the agency Designated Agency Ethics Official.\n\nSPECIAL FEATURE ARTICLE\nFollow-up to Report on NRC\xe2\x80\x99s Oversight of\nByproduct Materials\n\nOn March 30, 2007, OIG issued its Summary Report\nand Perspectives on Byproduct Material Security and      Gamma Knife.\nControl. The report sought to synthesize the findings of\nprevious OIG and Government Accountability Office (GAO) audits and investi-\ngations to provide a more complete perspective of NRC\xe2\x80\x99s approach to byproduct\nmaterial security and control. However, the work published by OIG and GAO,\n\n\n                                                                                                7\n                                                                     October 1, 2007 \xe2\x80\x93 March 31, 2008\n\x0c                   as a whole, painted a picture of NRC efforts that are incomplete, especially with\n                   regard to taking a comprehensive look inwards at its own business and regula-\n                   tory processes, which would include conducting a vulnerability assessment of\n                   the agency\xe2\x80\x99s material licensing and tracking programs.\n\n                   As the Nation\xe2\x80\x99s authority on radioactive material, OIG recognized that NRC could\n                   face continued difficulties in convincing critics and concerned onlookers of the\n                   appropriateness of its approach towards byproduct material security. However,\n                   OIG found no evidence that the agency sought an independent assessment of the\n                   risks and consequences associated with the malevolent use of byproduct mate-\n                   rial. OIG therefore recommended that the agency convene an independent panel\n                   of experts external to the agency to identify agency vulnerabilities concerning\n                   NRC\xe2\x80\x99s material licensing and tracking programs and validate the agency\xe2\x80\x99s ongo-\n                   ing byproduct material security efforts.\n\n                   Subsequent to OIG\xe2\x80\x99s report, GAO conducted an undercover investigation that\n                   validated the vulnerability concerns previously voiced in the OIG report. GAO\n                   easily obtained an NRC license under false pretense by exploiting some of the\n                   very weaknesses in the NRC licensing process that OIG had earlier discussed with\n                   NRC officials. For example, GAO was able to gather all necessary information to\n                   produce a credible license application. Once the application was submitted, the\n                   GAO team was able to anticipate all of the license review actions the NRC was\n                   going to perform when processing the application, because the agency outlined\n                   the process in publicly-available guidance.\n\n                   In October 2007, the Commission chartered an Independent External Review\n                   Panel to address issues raised by the GAO investigation. Two of the specific\n                   charter areas included (1) listing vulnerabilities concerning NRC\xe2\x80\x99s licensing and\n                   tracking programs for import, export, specific and general licensees, and (2) vali-\n                   dating NRC\xe2\x80\x99s ongoing material security efforts. The Panel issued its final report\n                   on March 11, 2008, and made 13 recommendations to address vulnerabilities in\n                   NRC\xe2\x80\x99s oversight of byproduct materials licensing and security.\n\n\n\n\n8\nNRC OIG Semiannual Report\n\x0cOTHER ACTIVITIES\nNRC OIG Receives PCIE Award for Excellence\n\nIn 2007, the President\xe2\x80\x99s Council on Integrity\nand Efficiency and the Executive Council on\nIntegrity and Efficiency awarded an OIG audit\nteam the prestigious Award for Excellence.\nThe team was recognized for exceptional\nperformance in identifying weaknesses and\nrecommending enhancements to the program\nused by NRC to evaluate the performance of\nnuclear power plants security efforts. The\nteam consisted of Beth Serepca, Shyrl Coker,\nDavid Ditto, and Rebecca Underhill.\n\nThe events of September 11, 2001, showed\nthat terrorists are willing to die in efforts to\nwreak as much destruction and death as pos- The Security and Information Management Au-\nsible, and that major terrorist events would     dit Team receives its 2007 PCIE/ECIE Award for\ntake place in the United States. This new Excellence.\xc2\xa0 Pictured left to right are Rebecca J.\nrealization caused a marked change in how Underhill, Senior Auditor; Shyrl A. Coker, Audit\nthis country perceives the threat to its in- Manager; Hubert T. Bell, Inspector General; Beth\nfrastructure and caused it to rethink earlier    H. Serepca, Team Leader; Stephen D. Dingbaum,\nassumptions about the possible threats to the Assistant Inspector General for Audits; David C.\nnuclear power plants that are regulated by       Ditto, Senior Management Analyst; and David C.\nNRC. The work conducted by the audit team Lee, Deputy Inspector General.\nsuccessfully challenged long-held agency as-\nsumptions that nuclear power plants were so hardened that terrorists would not\nbe interested in attacking them. Secondly, the team showed that NRC\xe2\x80\x99s security\ninspection program needs improvement to ensure that nuclear power plant se-\ncurity is at a high standard.\n\nThis review found that NRC\xe2\x80\x99s security training program needs improvement to\nensure that key personnel have the appropriate knowledge and information to\ncomplete the inspection program. Specifically, the inspectors are not receiving\nrelevant training or refresher courses, certification of inspectors is inconsistent,\n\n                                                                                                 9\n                                                                      October 1, 2007 \xe2\x80\x93 March 31, 2008\n\x0c                   non-security staff with oversight responsibility are not receiving security training,\n                   and the training program has not been updated.\n\n                   In addition, the team found that the depth of inspection review guidance is lack-\n                   ing. Inspectors examine a prescribed number of specific security program re-\n                   quirements to assess each inspectable area at a nuclear power plant. However,\n                   NRC security inspectors employ subjective approaches to examine each of these\n                   requirements. NRC does not provide explicit guidance on what constitutes an\n                   adequate review of each requirement which can result in inspections that vary\n                   in scope and depth.\n\n                   The work conducted by the auditors successfully countered the belief that more\n                   training and guidance was not needed because no nuclear power plant had ever\n                   been successfully attacked. The audit team\xe2\x80\x99s work was recognized for its contribu-\n                   tion to assisting the agency to better meet the public health, safety and security\n                   mission.\n\n\n\n\n10\nNRC OIG Semiannual Report\n\x0c                                                                                   AUDITS\nTo help the agency improve its effectiveness and efficiency during this period, OIG\ncompleted 9 financial and performance audits or evaluations that resulted in nu-\nmerous recommendations to NRC management. OIG also analyzed 2 contract\naudit reports.\n\nAUDIT SUMMARIES\nResults of the Audit of the Nuclear Regulatory Commission\xe2\x80\x99s Financial\nStatements for Fiscal Years 2007 and 2006\n\nOIG Strategic Goal: Corporate Management\n\nThe Chief Financial Officers Act requires OIG annually to audit NRC\xe2\x80\x99s principal\nfinancial statements. In addition, the audit evaluated the effectiveness of inter-\nnal controls over financial reporting and the agency\xe2\x80\x99s compliance with laws and\nregulations.\n\nAudit Results:\n\nFinancial Statements\n\n\xe2\x80\xa2\t The auditors expressed an unqualified opinion on the agency\xe2\x80\x99s FY 2007 and\n   2006 financial statements.\n\nInternal Controls\n\n\xe2\x80\xa2\t The auditors expressed a qualified opinion on the agency\xe2\x80\x99s internal controls.\n\n\xe2\x80\xa2\t The auditors cited information systems security controls as a continuing ma-\n   terial weakness. The material weakness results from the Federal Information\n   Security Management Act (FISMA) independent evaluation for FY 2007.\n   This evaluation identified significant deficiencies concerning certification\n   and accreditation and annual contingency plan testing requirements.\n\n\xe2\x80\xa2\t The auditors cited NRC\xe2\x80\x99s Fee Billing System as a significant deficiency.\n\nCompliance with Laws and Regulations\n\n\xe2\x80\xa2\t The auditors reported information systems security controls as a substantial\n\n\n                                                                                             11\n   noncompliance with the Federal Financial Management Improvement Act\n\n\n                                                                     October 1, 2007 \xe2\x80\x93 March 31, 2008\n\x0c                        (FFMIA). Office of Management and Budget Bulletin No. 07-04, Audit Require-\n                        ments for Federal Financial Statements, clarified that \xe2\x80\x9csignificant deficiencies\n                        found under FISMA must also be reported as a material weakness under the\n                        Federal Managers\xe2\x80\x99 Financial Integrity Act and as a lack of substantial compli-\n                        ance under FFMIA if related to financial management systems.\xe2\x80\x9d (Addresses\n                        Management Challenge #6)\n\n                   Audit of NRC\xe2\x80\x99s Alternative Dispute Resolution Program\n\n                   OIG Strategic Goal: Safety\n\n                   Alternative Dispute Resolution (ADR) is a term that refers to a number of pro-\n                   cesses, such as mediation, which can be used to resolve disputes between parties.\n                   Through the Office of Enforcement (OE), NRC developed a pilot program to\n                   evaluate whether the use of ADR could provide greater flexibility in the enforce-\n                   ment process, more timely and economical resolution of issues, more effective\n                   outcomes, and improved relationships. NRC offers two types of enforcement-\n                   related ADR \xe2\x80\x94 early1 and post-investigative.2 To reduce any perceived bias,\n                   OE contracted with the Institute on Conflict Resolution at Cornell University\n                   (Cornell) to act as the intake neutrals3 and to provide mediators for NRC\xe2\x80\x99s ADR\n                   pilot program. NRC conducted the ADR pilot program from October 2004\n                   through December 2005, offering post-investigative ADR to 43 offenders. Of\n                   those, 16 agreed to use ADR and all reached resolution.\n\n                   The objective of this audit was to determine if the enforcement-related ADR\n                   program is complete and ready for full implementation.\n\n                   Audit Results:\n\n                   Despite overall ADR participant and other external stakeholder satisfaction with\n                   the post-investigative ADR process, the ADR program is not complete or ready\n\n                   1\n                     The early ADR process occurs between an individual and his/her employer prior to NRC\xe2\x80\x99s Office of Inves-\n                   tigations performing an investigation based on an individual\xe2\x80\x99s claim of discrimination.\n                   2\n                    The post-investigative ADR process, between NRC and an offender (individual, licensee, or organization\n                   subject to NRC jurisdiction), is only available after the Office of Investigations completes an investigation\n                   and the agency decides to pursue enforcement.\n                   3\n                    Per the ADR Act, a \xe2\x80\x9cneutral\xe2\x80\x9d means an individual who, with respect to an issue in controversy, functions\n\n\n12\n                   specifically to aid the parties in resolving the controversy.\n\n\n\nNRC OIG Semiannual Report\n\x0cfor full implementation because of weaknesses in the program\xe2\x80\x99s guidance and\nmanagement controls. Specifically,\n\n\xe2\x80\xa2\t the process for follow-up and closure of confirmatory orders is unclear,\n\n\xe2\x80\xa2\t pertinent NRC offices are involved on an ad hoc basis,\n\n\xe2\x80\xa2\t preparation of support documentation is inconsistent, and\n\n\xe2\x80\xa2\t complete case information is unavailable to all enforcement specialists.\n\nUntil complete policy and procedures are in place, NRC cannot ensure long-term\nsuccess of the overall enforcement-related ADR program. (Addresses Manage-\nment Challenge #3)\n\nNRC\xe2\x80\x99S Planned Cybersecurity Program\n\nOIG Strategic Goal: Security\n\nCybersecurity refers to the branch of security that protects information tech-\nnology (IT) infrastructure. IT infrastructure encompasses not only the public\ninternet, but also the less visible systems and connections of the Nation\xe2\x80\x99s critical\ninfrastructures, such as nuclear power plants and electric power distribution\ngrids. Cybersecurity is increasingly important to the nuclear power industry as\nplants upgrade from analogue to digital control systems, which are vulnerable to\nattacks by criminals and foreign governments. These cyber\nattacks can temporarily disrupt computer networks or, more\nseriously, cause failure of public services. According to the\nU.S. Central Intelligence Agency, for instance, extortionists\nrecently penetrated computer systems of utility companies\noutside the United States and caused power outages that af-\nfected multiple cities.\n\nAudit Results:\n\nOIG identified an issue that could adversely affect NRC\xe2\x80\x99s oversight of licensees\xe2\x80\x99\ncybersecurity programs for nuclear power plants. In particular, although NRC\nis making progress in developing cybersecurity regulations and a corresponding\ninspection program, it lacks a clear plan for the inspection program. In particular,\n\n                                                                                              13\nagency management has not determined:\n\n                                                                      October 1, 2007 \xe2\x80\x93 March 31, 2008\n\x0c                   \xe2\x80\xa2\t respective roles of agency staff and contractors in conducting cybersecurity\n                      inspections,\n\n                   \xe2\x80\xa2\t staff requirements for cybersecurity inspections and headquarters support,\n                      and\n\n                   \xe2\x80\xa2\t resources needed for initial training of cybersecurity inspectors, and for follow-\n                      on training to maintain technical proficiency.\n\n                   Without robust cybersecurity oversight, NRC faces increased risk that cyber\n                   attacks, human error, or technological failure could compromise IT systems\n                   that are critical to nuclear power plant operations. (Addresses Management\n                   Challenge #2)\n\n                   Audit of NRC\xe2\x80\x99s Contract for Alternative Dispute Resolution Services\n\n                   OIG Strategic Goal: Corporate Management\n\n                   On September 27, 2006, NRC awarded a $334,400 fixed-price, sole-source contract\n                   to Cornell to provide neutral services supporting the enforcement ADR program\n                   for a 2-year period. The contract provisions permit a three-year extension for an\n                   $893,000 total contract cost. ADR is a term that refers to a number of processes,\n                   such as mediation and facilitated dialogues, that can be used to assist parties in\n                   resolving disputes. ADR is a voluntary process that often involves the use of a\n                   skilled third party neutral.\n\n                   The objective of this audit was to determine if NRC\xe2\x80\x99s contract for ADR services\n                   had the appropriate controls in place.\n\n                   Audit Results:\n\n                   While the contract with Cornell has been used for more than a year for a number\n                   of ADR cases, NRC does not have the ability to provide effective contract oversight.\n                   This is caused by deficiencies in the contract such as inadequate billing require-\n                   ments and an insufficient statement of work. Furthermore, there is minimal\n                   contract management over the contract. Thus, the agency\xe2\x80\x99s ability to prevent\n                   procurement fraud and abuse is reduced. In addition, there is the appearance of\n                   a conflict of interest due to the NRC\xe2\x80\x99s project officer\xe2\x80\x99s association with a Cornell\n                   workshop. (Addresses Management Challenge #6)\n\n14\nNRC OIG Semiannual Report\n\x0cAudit of NRC\xe2\x80\x99s Oversight of Licensees\xe2\x80\x99 Nuclear Security Officers\n\nOIG Strategic Goal: Security\n\nLicensees take various measures to ensure that their security officers are mentally\nand physically fit, professionally competent, and sufficiently trustworthy to carry\nout their duties at nuclear power plants. These measures are designed to comply\nwith various NRC regulations governing employee conduct, health, and work\nrequirements. NRC exercises oversight of licensees\xe2\x80\x99 security officers through the\nphysical protection program of the Reactor Oversight Process, as well as regional\ninspections concerning specific problems or extraordinary events and through\nforce-on-force exercises.\n\nThe audit objective was to assess NRC\xe2\x80\x99s oversight of security officers employed\nby licensees to protect nuclear power plants.\n\nAudit Results:\n\nNRC staff conducts security oversight activities in accordance with agency stan-\ndards; however, OIG found two issues that NRC management should address to\nimprove agency performance:\n\n\xe2\x80\xa2\t Regulations for licensees\xe2\x80\x99 behavioral observa-\n   tion programs lack detailed implementation\n   guidance and are not integrated with guidance\n   for related security programs.\n\n\xe2\x80\xa2\t Advance notification of all baseline security\n   inspections could compromise the accuracy\n   of NRC\xe2\x80\x99s assessments of licensee fitness-for-\n   duty performance.\n\nThese factors compromise NRC\xe2\x80\x99s oversight of li-\n                                                       Security personnel participating in weapons training.\ncensee behavioral observation programs, thereby\nincreasing security risks to nuclear power plants.\nBy enhancing behavioral observation program oversight and incorporating limited-\nscope, short notice inspections into the baseline security inspection program, NRC\ncan improve its oversight of licensees\xe2\x80\x99 security officers. (Addresses Management\n\n\n                                                                                             15\nChallenges #1 and 3)\n\n\n                                                                     October 1, 2007 \xe2\x80\x93 March 31, 2008\n\x0c                   Audit of NRC\xe2\x80\x99s Power Uprate Program\n\n                   OIG Strategic Goal: Safety\n                  NRC regulates the maximum power level at which a commercial nuclear power\n                  plant may operate. The process of increasing the maximum power level at which\n                                                a plant may operate is called a power uprate. Li-\n                                                censees seek permission to perform a power uprate\n                                                by submitting a license application amendment to\n                                                NRC. Since 1977, NRC has approved 118 power\n                                                uprates, resulting in a combined increase of over\n                                                5,200 megawatts electric to the Nation\xe2\x80\x99s electric\n                                                generating capacity, the equivalent of adding 3 to\n                                                4 additional power plants. NRC anticipates as\n                                                many as 24 power uprate applications during the\n                                                next 5 years. Some of these future power uprate\n                                                requests may be for plants that have been approved\n                                                or may seek approval for a license renewal to op-\n                                                erate plants for 20 additional years beyond their\nTurbine at a nuclear power plant.               original 40-year license term.\n                   The objective of this audit was to examine the process for reviewing and approv-\n                   ing power uprate amendment applications.\n                   Audit Results:\n                   The process for reviewing and approving power uprate amendment applications\n                   is generally the same as that for other types of license amendments. The audit,\n                   however, identified program matters needing NRC management attention as the\n                   license amendment process is applied to the uprates. Specifically:\n                   \xe2\x80\xa2\t The power uprate inspection procedure has been implemented and documented\n                      inconsistently. NRC staff have an inconsistent understanding of the power\n                      uprate inspection procedure\xe2\x80\x99s use, implementation, and documentation, and\n                      some staff are not aware of the procedure.\n                   \xe2\x80\xa2\t The circulation and written quality of power uprate safety evaluations needs\n                      improvement.\n                   As a result, stakeholders are unable to adequately monitor power uprate inspections\n                   or to adequately comprehend NRC\xe2\x80\x99s basis for approving an uprate application.\n\n16                 (Addresses Management Challenges #3 and #4)\n\nNRC OIG Semiannual Report\n\x0cAUDITS IN PROGRESS\nAudit of NRC\xe2\x80\x99s Enforcement Program\nOIG Strategic Goal: Safety\n\nThe NRC\xe2\x80\x99s enforcement jurisdiction is drawn from the Atomic Energy Act of\n1954, as amended, and the Energy Reorganization Act of 1974, as amended. In\nrecognition that violations occur in a variety of activities and have varying levels\nof significance, the Commission set out to create an enforcement framework\nwith graduated sanctions to reflect this diversity. The Commission\xe2\x80\x99s first public\nstatement of policy on enforcement (the first Enforcement Policy) was published\nin 1980. Although the policy statement has changed several times, two goals of\nthe enforcement program remain unchanged: to emphasize the importance of\ncompliance with regulatory requirements and to encourage prompt identification,\nand prompt, comprehensive correction of violations. The enforcement program\nis also intended to meet the agency\xe2\x80\x99s performance goals.\n\nViolations are identified through inspections and investigations. All violations\nare subject to civil enforcement action and may also be subject to criminal pros-\necution. After an apparent violation is identified, it is assessed in accordance\nwith the Commission\xe2\x80\x99s Enforcement Policy. Because the policy statement is not\na regulation, the Commission may deviate from the Enforcement Policy as ap-\npropriate under the circumstances of a particular case.\n\nThe objectives of this audit are to determine how NRC assesses (1) the signifi-\ncance of violations and (2) the level of enforcement action to be taken. (Addresses\nManagement Challenges #1 and #3)\n\nAudit of NRC\xe2\x80\x99s Continuity of Operations Plan\n\nOIG Strategic Goals: Safety and Security\n\nTo ensure that essential NRC services are available during an emergency (such\nas terrorist attacks, severe weather, or building level emergencies), Federal\nagencies are required to develop continuity of operations (COOP) plans. Federal\nEmergency Management Agency (FEMA) guidance, Federal Preparedness\nCircular 65, identifies elements of a viable COOP capability, including the\n\n                                                                                              17\nrequirement that agencies identify their essential functions.\n\n\n                                                                      October 1, 2007 \xe2\x80\x93 March 31, 2008\n\x0c                   The objectives of this audit are to evaluate the extent that NRC has identified and\n                   maintains essential functions during an emergency and to determine if NRC\xe2\x80\x99s\n                   COOP plan follows FEMA guidelines. (Addresses Management Challenge #1)\n\n                   Audit of NRC\xe2\x80\x99s AID-Funded Activities\n\n                   OIG Strategic Goal: Corporate Management\n\n                   NRC receives Freedom Support Act (FSA) funds from the U.S. Agency for Interna-\n                   tional Development (AID) to support provisions of nuclear regulatory safety and\n                   security assistance to the regulatory authorities of Armenia, Georgia, Kazakhstan,\n                   Russia, and Ukraine. These funds support activities that include strengthening\n                   regulatory oversight of:\n\n                   \xe2\x80\xa2\t the startup, operation, shutdown and decommissioning of Soviet-designed\n                      nuclear power plants;\n                   \xe2\x80\xa2\t the safe and secure use of radioactive materials; and\n                   \xe2\x80\xa2\t accounting for and protection of nuclear materials.\n\n                   NRC has received approximately $53.3 million in FSA funds from FY 1992 through\n                   FY 2007. The Office of International Programs has responsibility for NRC\xe2\x80\x99s use\n                   of FSA funds. This responsibility includes the coordination within NRC, with\n                   other U.S. Governmental agencies involved with assistance activities, and with\n                   other international donors.\n\n                   The objectives of this audit are to determine if the management controls over\n                   the use of AID funds are adequate and whether NRC\xe2\x80\x99s corrective actions result-\n                   ing from OIG\xe2\x80\x99s recommendations in Audit Report OIG-02-A-04, dated\n                   December 3, 2001, are being adequately implemented. (Addresses Management\n                   Challenge #6)\n\n                   Audit of NRC\xe2\x80\x99s Accounting and Control Over Time and Labor Reporting\n\n                   OIG Strategic Goal: Corporate Management\n\n                   Salaries and benefits for NRC\xe2\x80\x99s approximately 3,300 employees totaled $424 mil-\n                   lion in FY 2006. Approximately 90 percent ($382 million) of the salaries and\n                   benefits are recovered through billings to NRC licensees.\n\n18\nNRC OIG Semiannual Report\n\x0cNRC\xe2\x80\x99s time and labor system is intended to collect data to adequately support\nemployees\xe2\x80\x99 pay and show the number of hours employees are working and are in\nleave status. The system provides data in support of entitlements to overtime pay,\npremium pay, and compensatory time earned and used. An accurate and reliable\nsystem of collecting time and labor data is necessary to provide a basis for:\n\n\xe2\x80\xa2\t allocating employees\xe2\x80\x99 time to the agency\xe2\x80\x99s program and performance\n   objectives,\n\n\xe2\x80\xa2\t assessing NRC fees, and\n\n\xe2\x80\xa2\t financial reporting.\n\nThe objectives of this audit are to determine whether (1) NRC has established\nand implemented internal controls over time and labor reporting to provide rea-\nsonable assurance that hours worked in pay status and hours absent are properly\nreported, and (2) the time and labor system can be easier and more efficient to\nuse. (Addresses Management Challenge #6)\n\nAudit of NRC\xe2\x80\x99s FY 2008 Financial Statements\n\nOIG Strategic Goal: Corporate Management\n\nUnder the Chief Financial Officers Act and the Government Management and\nReform Act, OIG is required to audit the financial statements of the NRC. OIG\nis auditing NRC\xe2\x80\x99s financial statements in accordance with applicable auditing\nstandards. The audit will express opinions on the agency\xe2\x80\x99s financial statements\nand internal controls, review compliance with applicable laws and regulations,\nreview the performance measures for compliance with Office of Management\nand Budget guidance, and review the controls in the NRC\xe2\x80\x99s computer systems\nthat are significant to the financial statements. In addition, OIG will measure\nthe agency\xe2\x80\x99s improvements by assessing corrective action taken on prior audit\nfindings. (Addresses Management Challenge #6)\n\n\n\n\n                                                                                             19\n                                                                     October 1, 2007 \xe2\x80\x93 March 31, 2008\n\x0cINVESTIGATIONS\n                   During this reporting period, OIG received 95 allegations, initiated 35 investigations\n                   and closed 29 cases. In addition, OIG made 18 referrals to NRC management and\n                   7 to the Department of Justice.\n\n                   INVESTIGATIVE CASE SUMMARIES\n                   NRC\xe2\x80\x99s Oversight of Hemyc Fire Barriers\n\n                   OIG Strategic Goal: Safety\n\n                   OIG completed a special inquiry in response to concerns pertaining to Hemyc\n                   fire barriers. Hemyc is a fire barrier manufactured by Promatec, Inc., that has\n                   been installed in operating nuclear power plants (NPPs) since the 1980s and is\n                   currently installed at 15 nuclear reactors in the United States. Recent concerns\n                   focused on Hemyc\xe2\x80\x99s failure to provide the level of protection expected for a 1-hour\n                   rated fire barrier during confirmatory testing sponsored by NRC in 2005. Ad-\n                   ditional concerns pertained to whether NRC staff were aware of problems with\n                                               Hemyc prior to 2005 and whether the staff acted to\n                                               address these problems.\n\n                                                NRC requires fire barrier manufacturers to conduct\n                                                or sponsor tests that establish that their barrier ma-\n                                                terials meet either a 1-hour or 3-hour rating period.\n                                                These time durations indicate the number of hours\n                                                a fire barrier protects equipment from fire damage.\n                                                NRC does not conduct tests to qualify fire barriers for\n                                                use in NPPs but can conduct confirmatory testing to\n                                                identify potential problems with the barriers.\n\n                                                In 1983, NRC approved the installation of Hemyc.\n                                                Hemyc has since been used in a number of NPPs to\nShearon Harris Nuclear Power Plant.\n                                                provide protection of electrical cables from fire. In\n                                                1994, NRC received information pertaining to a small-\n                 scale fire endurance test, sponsored by the agency, that indicated problems with\n                 Hemyc\xe2\x80\x99s fire endurance. However, OIG found that NRC did not communicate\n                 the results of the test to licensees, nor did the agency conduct any follow-up to\n                 the test.\n\n\n20\nNRC OIG Semiannual Report\n\x0cIn November 1999, an NRC inspection identified potential problems with Hemyc\nfire barriers at Shearon Harris NPP. Consequently, in August 2000, NRC con-\ncluded that the information available from previous fire endurance tests proved\ninconclusive to qualify Hemyc as a 1-hour fire rated barrier. However, NRC did\nnot require licensees to take corrective action.\n\nAfter August 2000, NRC initiated a program to perform NRC-sponsored confir-\nmatory testing of the Hemyc fire barriers. The testing, which was not completed\nuntil 2005, resulted in a finding that the Hemyc fire barrier failed to perform for\n1-hour as designed. However, in April 2005, when NRC published the results of\nthe tests in an NRC information notice to all licensees, it did not require licensees\nto take any action or provide a written response.\n\nOIG also found that NRC was not timely in fulfilling a commitment made to\nCongress in 1993 to assess and resolve problems with fire barriers. In March 1993,\nafter problems with another fire barrier were identified, a former NRC Chair-\nman provided testimony to the U.S. House of Representatives Subcommittee on\nOversight and Investigations. His testimony included a commitment to conduct\nassessments of all fire barriers used to protect electrical cables in NPPs to identify\nimprovements needed to have these fire barriers meet NRC requirements. It was\nnot until April 2005 that the NRC first informed licensees of Hemyc\xe2\x80\x99s failure to\nperform as an NRC-qualified fire barrier, and not until April 2006 that NRC first\nrequested licensees to take actions to resolve problems with Hemyc fire barriers\ninstalled at their facilities. As of December 2007, no fire endurance tests had been\nconducted to allow NRC to qualify Hemyc as an approved 1-hour or 3-hour fire\nbarrier for installation at NPPs. (Addresses Management Challenge #1)\n\nNRC Involvement in Improper Whistleblower Settlement Agreement\n\nStrategic Goal: Corporate Management\n\nOIG completed an investigation pertaining to NRC\xe2\x80\x99s involvement in an improper\nsettlement agreement between a whistleblower and an NRC nuclear power plant\nlicensee. This investigation identified shortcomings by NRC staff that contributed\nto the improper settlement agreement and, consequently, may have adversely\nimpacted the licensee. Additionally, OIG identified a lack of understanding by\nseveral NRC offices with respect to the NRC staff \xe2\x80\x99s role in the Alternative Dispute\nResolution (ADR) process.\n\n                                                                                                21\n                                                                        October 1, 2007 \xe2\x80\x93 March 31, 2008\n\x0c                   OIG determined that the licensee and the whistleblower entered into a settlement\n                   agreement in 2007 that purported to meet the intents and purposes of Early ADR\n                   under the NRC ADR Program. A draft of this settlement agreement was reviewed\n                   by an NRC Regional Counsel. However, because the Office of Investigations (OI)\n                   had initiated an investigation into the discrimination allegations on July 7, 2006,\n                   a fact known to the licensee\xe2\x80\x99s counsel and the Regional Counsel, this settlement\n                   agreement did not comply with the most basic requirement of Early ADR (i.e.,\n                   Early ADR is a means to resolve a discrimination complaint \xe2\x80\x9cprior to an OI\n                   investigation.\xe2\x80\x9d) The Regional Counsel\xe2\x80\x99s failure to clearly articulate the applica-\n                   bility of NRC\xe2\x80\x99s Early ADR policy may have caused the licensee to settle with the\n                   whistleblower for $185,000 based on a belief that the settlement agreement would\n                   be viewed by NRC as Early ADR, thereby precluding an OI investigation.\n\n                   OIG found that the Regional Counsel advised the licensee counsel that the agree-\n                   ment did not contain any potentially restrictive language that would violate Title\n                   10 Code of Federal Regulations (CFR) 50.7, \xe2\x80\x9cEmployee Protection.\xe2\x80\x9d 10 CFR 50.7\n                   provides that settlement agreements may not prohibit, restrict, or otherwise\n                   discourage employees from engaging in certain protected activities. However,\n                   the settlement agreement required the whistleblower to send a letter to OI stating\n                   that he did not wish to pursue his discrimination complaint \xe2\x80\x9cin any forum.\xe2\x80\x9d This\n                   appears inconsistent with the language in 10 CFR 50.7 in that it discourages and\n                   may even prohibit him from engaging in a protected activity. It also conflicts with\n                   the whistleblower\xe2\x80\x99s expressed interest in having OI continue its investigation.\n\n                   OIG found that the licensee counsel, the NRC Office of Enforcement (OE), and\n                   the NRC Office of the General Counsel (OGC) had a different understanding of\n                   OGC\xe2\x80\x99s role and responsibility in the ADR process. The licensee counsel believed\n                   that the NRC Regional Counsel was speaking for OGC when offering an opinion\n                   on the settlement agreement. The OE Senior Enforcement Specialist and the\n                   OGC Deputy Counsel believed that only OGC could officially review a settle-\n                   ment agreement. The OGC attorney responsible for the ADR Program stated\n                   there was no policy that requires settlement agreements be reviewed by OGC\n                   and that in most cases the Regional Counsel conducts the review. (Addresses\n                   Management Challenge #3)\n\n\n\n\n22\nNRC OIG Semiannual Report\n\x0cMisuse of NRC E-Mail by a Contractor Employee\n\nStrategic Goal: Corporate Management\n\nOIG completed an investigation concerning misuse of NRC e-mail by an Office\nof Information Services contractor employee. The investigation was initiated\nbased on information indicating that the employee had placed a computer moni-\ntoring program on a computer owned by a private, local company and assigned\nto the NRC contractor\xe2\x80\x99s wife, who worked for the company. According to the\ninformation, the wife\xe2\x80\x99s e-mails and web-browsing activity was captured by the\nmonitoring program. The program then automatically and clandestinely sent\nreports, via e-mail, containing this information to the NRC contractor employee\xe2\x80\x99s\nNRC e-mail account.\n\nInterception and disclosure of wire, oral, or electronic communications is prohibited\nunder Title 18, Section 2511, of the U.S. Code. In addition, NRC\xe2\x80\x99s contract with\nthe contractor company specifies that the contractor\xe2\x80\x99s employees are prohibited\nfrom engaging or using Government IT equipment, services, or access for any\npersonal use, misuse, abuse, or any other unauthorized usage.\n\nThrough contact with the manufacturer of the computer monitoring software, OIG\nwas able to verify that the NRC contractor employee had purchased, registered,\nand installed the software monitoring program. OIG review of NRC computer\ne-mail and network logs confirmed the employee had received 288 e-mails, in his\nassigned NRC e-mail account, which contained the reports sent by the monitor-\ning program. (Addresses Management Challenge #3)\n\nIncorrect Deductions from NRC Payments to Contractor\n\nStrategic Goal: Corporate Management\n\nOIG conducted an investigation into claims by an NRC contractor, Advanced\nSystems Technology and Management, Inc. (AdSTM), that unexplained deduc-\ntions were being taken from NRC invoice payments. In late September 2007,\nAdSTM notified NRC staff that it had not received full payments for the prior\neight invoices the company had issued to NRC.\n\n\n\n\n                                                                                               23\n                                                                       October 1, 2007 \xe2\x80\x93 March 31, 2008\n\x0c                   OIG learned that AdSTM\xe2\x80\x99s latest contract to provide support to the Office of\n                   International Programs became effective in January 2007. Since that time, eight\n                   payments received by AdSTM from NRC in response to invoices were incorrect,\n                   and, as a result, NRC owed AdSTM approximately $196,000.\n\n                   During its investigation, OIG found that when AdSTM\xe2\x80\x99s newest contract payment\n                   information was entered into NRC\xe2\x80\x99s payment database, an NRC payment clerk\n                   mistakenly selected another company instead of AdSTM as the name of the NRC\n                   contractor. When the wrong company was entered into the financial accounting\n                   and payment system, the corresponding (and therefore incorrect) tax identifica-\n                   tion number was also entered. The payment clerk then entered the correct bank\n                   information (routing and account numbers) for AdSTM. The error caused the\n                   Department of Treasury to withhold monies from AdSTM that were supposed\n                   to be garnished from the other company.\n\n                   NRC staff has corrected the error and paid AdSTM the monies owed to them.\n                   Additionally, NRC staff has analyzed its current payment process to ensure this\n                   type of mistake does not recur. (Addresses Management Challenge #3)\n\n                   NRC Oversight of Steel Liner at Oyster Creek Nuclear\n                   Generating Station\n\n                   Strategic Goal: Safety\n\n                   OIG conducted an investigation concerning the sufficiency of the steel contain-\n                   ment liner at Oyster Creek Nuclear Generating Station and whether an NRC staff\n                   member was pressured by NRC management to conclude the liner was sufficient.\n                   The containment liner is a fission product barrier, designed to prevent the release\n                   of radioactive materials to the environment in the event of a reactor accident\n                   where there is core damage.\n\n                   This investigation was initiated after OIG learned that two U.S Congressmen\n                   representing the State of New Jersey appealed to the NRC Atomic Safety and\n                   Licensing Board Panel (ASLBP) to review NRC\xe2\x80\x99s claim that Oyster Creek\xe2\x80\x99s steel\n                   containment liner met design requirements. A New Jersey newspaper reported\n                   that an Office of Nuclear Reactor Regulation staff member testified before the\n\n\n\n24\nNRC OIG Semiannual Report\n\x0cASLBP that the steel containment liner did not meet American Society of Me-\nchanical Engineers (ASME) structural integrity requirements because of corrosion\nthat had occurred since the barrier was installed. It\nwas further reported in the newspaper that because\nof management pressure, the NRC staff member\nprovided the ASLBP an addendum to his original\ntestimony in which he concluded the steel con-\ntainment liner was sufficient and met regulatory\nstandards.\n\nThis investigation determined that the NRC staff\nmember did not change his ASLBP testimony or\nconclusions regarding the structural integrity of the\nsteel containment liner. The staff member provided\ninitial written testimony to the ASLBP that con-\ncluded the steel containment liner was structurally   Oyster Creek Nuclear Power Plant.\nsufficient and met regulatory standards. He supplied\nan addendum to his original testimony in an effort to clarify and strengthen his\noriginal written testimony.\n\nThis investigation further determined that NRC\xe2\x80\x99s assessment of the structural\nintegrity of the steel containment liner was based on technical analyses by quali-\nfied staff members that considered known conditions of the liner. NRC staff\nconcluded that the liner\xe2\x80\x99s condition was adequate to demonstrate that it would\nperform safely. The staff determined that there was no danger of the liner buck-\nling (structural failure) because of excessive corrosion even with supporting sand\nremoved from the outside of the liner. NRC staff has been aware of the corrosion\nissue since 1993 and has monitored the results of biennial licensee inspections\nthat measured the thickness of the entire container liner to ensure it remained at\nstructurally safe levels. Additionally, OIG determined that because the liner was\ndesigned and built prior to the current ASME standards, there was no require-\nment that the liner meet these standards.\n\nThe ASLBP ruled in favor of the licensee on December 18, 2007, and con-\nfirmed that the structural integrity of the steel containment liner was sufficient.\n(Addresses Management Challenge #1)\n\n\n                                                                                             25\n                                                                     October 1, 2007 \xe2\x80\x93 March 31, 2008\n\x0cSTATISTICAL SUMMARY OF\nOIG ACCOMPLISHMENTS\n         INVESTIGATIVE STATISTICS\n         Source of Allegations \xe2\x80\x94 October 1, 2007, through March 31, 2008\n\n                                     NRC Employee                                               18\n                                  NRC Management                                      9\n                       Other Government Agency                           5\n                                          Intervenor                              7\n                                      General Public                                           17\n                             OIG Investigation/Audit                                       16\n                                 Regulated Industry                          6\n                                        Anonymous                                         15\n                                    NRC Contractor             2\n\n\n                       Allegations resulting from the Hotline: 29                          Total: 95\n\n\n\n\n         Disposition of Allegations \xe2\x80\x94 October 1, 2007, through March 31, 2008\n\n                                                Total                                           95\n                             Closed Administratively                         30\n                     Referred for OIG Investigation                          32\n            Referred to NRC Management and Staff                    18\n                       Referred to External Agency         3\n                            Pending Review or Action       3\n                        Correlated to Existing Case            9\n\n\n\n\n26\nNRC OIG Semiannual Report\n\x0cSTATUS OF INVESTIGATIONS\nDOJ Referrals . .................................................................................................... 7\nDOJ Pending........................................................................................................ 1\nDOJ Declinations ............................................................................................... 9\nState Referrals ..................................................................................................... 1\nState Declinations ............................................................................................... 1\nNRC Administrative Actions:\n\t Terminations and Resignations ................................................................. 4\n\t Suspensions and Demotions ...................................................................... 1\n\t Counseling . .................................................................................................. 1\n\n\nSUMMARY OF INVESTIGATIONS\nClassification of \t\t           Opened \t Closed \t Cases In\nInvestigations\t     Carryover\t Cases\t   Cases\t Progress\n\nConflict of Interest\t                                           3\t                1\t              3\t              1\nInternal Fraud\t                                                 1\t                0\t              0\t              1\nExternal Fraud\t                                                 6\t                5\t              5\t              6\n\tFalse Statements\t                                              2\t                1\t              3\t              0\n \tMisuse of Government Property\t                                4\t                5\t              4\t              5\n  \tEmployee Misconduct\t                                         4\t                4\t              5\t              3\n   \tManagement Misconduct\t                                      1\t                4\t              2\t              3\n    Technical Allegations \xe2\x80\x94 Other\t                              8\t                9\t              4\t             13\n    Proactive Initiatives\t                                      2\t                3\t              0\t              5\n    Project\t                                                   10\t                1\t              1\t             10\n    Theft\t                                                      0\t                1\t              1\t              0\n    Event Inquiries\t                                            1\t                1\t              1\t              1\n    \t\t\t Total Investigations\t                                  42\t               35\t             29\t             48\n\n\n\n\n                                                                                                                                  27\n                                                                                                          October 1, 2007 \xe2\x80\x93 March 31, 2008\n\x0c                   AUDIT LISTINGS\n                   Internal Program Audit and Special Evaluation Reports\n\n                   Date\t         Title\t                                        Audit Number\n                   03/28/2008\t   Audit of NRC\xe2\x80\x99s Power Uprate Program\t          OIG-08-A-09\n                   03/26/2008\t   Memorandum Report: Audit of \t                 OIG-08-A-08\n                   \t             NRC\xe2\x80\x99s Contract for Alternative Dispute\n                   \t             Resolution Services\t\n                   03/18/2008\t   Audit of NRC\xe2\x80\x99s Oversight of Licensees\xe2\x80\x99 \t      OIG-08-A-07\n                   \t             Nuclear Security Officers\t\n                   03/18/2008\t   Memorandum Report: NRC\xe2\x80\x99s Planned \t            OIG-08-A-06\n                   \t             Cybersecurity Program\t\n                   12/19/2007\t   Review of NRC\xe2\x80\x99s Implementation of the \t       OIG-08-A-05\n                   \t             Federal Managers\xe2\x80\x99 Financial Integrity Act\n                   \t             for Fiscal Year 2007\t\n                   12/12/2007\t   Transmittal of the Independent \t              OIG-08-A-04\n                   \t             Auditors\xe2\x80\x99 Report on the Condensed\n                   \t             Financial Statements of the Nuclear\n                   \t             Regulatory Commission\t\n                   12/14/2007\t   Memorandum Report: Audit of NRC\xe2\x80\x99s \t           OIG-08-A-03\n                   \t             Alternative Dispute Resolution Program\t\n                   11/15/2007\t   Independent Auditors\xe2\x80\x99 Report on the \t         OIG-08-A-02\n                   \t             U.S. Nuclear Regulatory Commission\xe2\x80\x99s\n                   \t             Special-Purpose Financial Statements as of\n                   \t             September 30, 2007, and 2006, and for the\n                   \t             Years Then Ended\n                   11/09/2007\t   Results of the Audit of the United States \t   OIG-08-A-01\n                   \t             Nuclear Regulatory Commission\xe2\x80\x99s Financial\n                   \t             Statements for Fiscal Years 2007 and 2006\n\n\n28\nNRC OIG Semiannual Report\n\x0cCONTRACT AUDIT REPORTS\nOIG\t          Contractor/\t                    Questioned\t   Unsupported\nIssue Date\t   Contract Number\t                  Costs\t         Costs\n\n10/16/07\t     Numark Associates, Inc.\t 0\t                        0\n\t             NRC-03-07-036\t\t\n\n12/18/07\t     Battelle Memorial Institute\t        0\t             0\n\t             Battelle Columbus Operations\t\n\t             NRC-04-02-074\n\n\n\n\n                                                                                     29\n                                                             October 1, 2007 \xe2\x80\x93 March 31, 2008\n\x0cAUDIT RESOLUTION ACTIVITIES\nTABLE I\nOIG Reports Containing Questioned Costs4\nOctober 1, 2007, through March 31, 2008\n\t                                           \t                                                Questioned\t             Unsupported\n\t                                       Number of\t                                              Costs\t                  Costs\nReports\t                                 Reports\t                                             (Dollars)\t              (Dollars)\n\nA.\t    For which no management decision\n       had been made by the commencement\n       of the reporting period\t                                           1\t                    $68,018\t                     0\n\nB.\t    Which were issued during the\n       reporting period\t                                                  0\t                         0\t                      0\n\n\t      Subtotal (A + B)\t                                                  1\t                    $68,018\t                     0\n\nC.\t    For which a management decision was\n       made during the reporting period:\n\n\t      (i) \t dollar value of disallowed costs\t                            1\t                    $68,018\t                     0\n\n\t      (ii)\t dollar value of costs not disallowed\t                        0\t                         0\t                      0\n\nD.\t    For which no management decision\n       had been made by the end of the\n       reporting period\t                                                  0\t                         0\t                      0\n\nE.\t    For which no management decision was\n       made within 6 months of issuance\t                                  0\t                         0\t                      0\n\n4\n Questioned costs are costs that are questioned by the OIG because of an alleged violation of a provision of a law, regulation, contract,\ngrant, cooperative agreement, or other agreement or document governing the expenditure of funds; a finding that, at the time of the\naudit, such costs are not supported by adequate documentation; or a finding that the expenditure of funds for the intended purpose\nis unnecessary or unreasonable.\n\n\n\n\n30\nNRC OIG Semiannual Report\n\x0cTABLE II\nOIG Reports Issued with Recommendations That Funds Be Put to Better Use5\n\n\t                                                                    Number of\t            Dollar Value\nReports\t                                                              Reports\t              of Funds\n\nA.\t    For which no management decision\t 0\t 0\n       had been made by the commencement\n       of the reporting period\t\t\t\n\nB.\t    Which were issued during the \t 0\t                                                           0\n       reporting period\t\t\n\nC.\t    For which a management decision was\t\n       made during the reporting period:\t\t\n\n\t       (i) \t dollar value of recommendations\t                             0\t                      0\n       \t      that were agreed to by management\n\n\t       (ii) \tdollar value of recommendations \t                            0\t                      0\n        \t that were not agreed to by management\n\nD.\t    For which no management decision had\t                               0\t                      0\n       been made by the end of the reporting\n       period\n\nE.\t    For which no management decision was\t 0\t 0\n       made within 6 months of issuance\t\t\t\t\n\n\n\n5\n A \xe2\x80\x9crecommendation that funds be put to better use\xe2\x80\x9d is a recommendation by the OIG that funds could be\nused more efficiently if NRC management took actions to implement and complete the recommendation,\nincluding: reductions in outlays; deobligation of funds from programs or operations; withdrawal of\ninterest subsidy costs on loans or loan guarantees, insurance, or bonds; costs not incurred by implementing\nrecommended improvements related to the operations of NRC, a contractor, or a grantee; avoidance of\nunnecessary expenditures noted in preaward reviews of contract or grant agreements; or any other savings which are\nspecifically identified.\n\n\n\n                                                                                                                     31\n                                                                                      October 1, 2007 \xe2\x80\x93 March 31, 2008\n\x0c         TABLE III\n         Significant Recommendations Described in Previous Semiannual Reports on\n         Which Corrective Action Has Not Been Completed\n\n         Date\t        Report Title\t                                                  Number\n\n         05/26/03\t    Audit of NRC\xe2\x80\x99s Regulatory Oversight of Special \t             OIG-03-A-15\n         \t            Nuclear Materials\n\n         \t            Recommendation 1: Conduct periodic inspections to\n         \t            verify that material licensees comply with material\n         \t            control and accountability (MC&A) requirements,\n         \t            including, but not limited to, visual inspections of\n         \t            licensees\xe2\x80\x99 special nuclear material (SNM) inventories\n         \t            and validation of reported information.\n\n         02/23/06\t    Audit of the Development of the National Source \t            OIG-06-A-10\n         \t            Tracking System\n\n         \t            Recommendation 1: Before the NSTS rulemaking is\n         \t            finalized, conduct a comprehensive regulatory analysis\n         \t            for NSTS that explores other viable options, such as those\n         \t            in the Code of Conduct. The regulatory analysis should\n         \t            include an assessment of expanding materials tracked in\n         \t            NSTS to contain categories 3, 4, and 5; aggregation of\n         \t            sources; and bulk material.\t\n\n         03/16/06\t    Audit of the NRC\xe2\x80\x99s Byproduct Materials License \t             OIG-06-A-11\n         \t            Application and Review Process\n\n         \t            Recommendation 2: Modify the license application\n         \t            and review process to mitigate the risks identified in the\n         \t            vulnerability assessment.\n\n\n\n\n32\nNRC OIG Semiannual Report\n\x0c09/26/06\t   Evaluation of NRC\xe2\x80\x99s Use of Probabilistic Risk \t                OIG-06-A-24\n\t           Assessment in Regulating the Commercial\n\t           Nuclear Power Industry\n\n\t           Recommendation 1: Develop and implement a\n\t           formal, written process for maintaining PRA models\n\t           that are sufficiently representative of the as-built,\n\t           as-operated plant to support model uses.\n\n\t           Recommendation 3: Conduct a full verification and\n\t           validation of SAPHIRE version 7.2 and GEM.\n\n\n\n\n                                                                                            33\n                                                                    October 1, 2007 \xe2\x80\x93 March 31, 2008\n\x0cABBREVIATIONS AND ACRONYMS\n                   ADR\t     Alternative Dispute Resolution\n                   AdSTM\t   Advanced Systems Technology and Management, Inc.\n                   AID\t     U.S. Agency for International Development\n                   ASLBP\t   Atomic Safety and Licensing Board Panel\n                   ASME\t    American Society of Mechanical Engineers\n                   CFR\t     Code of Federal Regulations\n                   COOP\t    continuity of operations plans\n                   DOJ\t     Department of Justice\n                   FEMA\t    Federal Emergency Management Agency\n                   FFMIA\t   Federal Financial Management Improvement Act\n                   FISMA\t   Federal Information Security Management Act\n                   FSA\t     Freedom Support Act\n                   FY\t      Fiscal Year\n                   GAO\t     U.S. Government Accountability Office\n                   IAM\t     Issue Area Monitor\n                   IG\t      Inspector General\n                   IT\t      information technology\n                   NPP\t     nuclear power plants\n                   NRC \t    U.S. Nuclear Regulatory Commission\n                   PRA\t     Probabilistic Risk Assessment\n                   OGC\t     Office of the General Counsel (NRC)\n                   OE\t      Office of Enforcement (NRC)\n                   OI\t      Office of Investigations (NRC)\n                   OIG\t     Office of the Inspector General (NRC)\n\n34\nNRC OIG Semiannual Report\n\x0c                               REPORTING REQUIREMENTS\nThe Inspector General Act of 1978, as amended (1988), specifies reporting require-\nments for semiannual reports. This index cross-references those requirements\nto the applicable pages where they are fulfilled in this report.\n\n\nCITATION\t               REPORTING REQUIREMENTS\t                                                PAGE\n\nSection 4(a)(2)\t        Review of Legislation and Regulations . ...............................6-7\n\nSection 5(a)(1)\t        Significant Problems, Abuses, and Deficiencies . .....11-16, 20-25\n\nSection 5(a)(2) \t Recommendations for Corrective Action ........................11-16\n\nSection 5(a)(3) \t Prior Significant Recommendations\n\t                 Not Yet Completed . ............................................................32-33\n\nSection 5(a)(4) \t Matters Referred to Prosecutive Authorities ........................ 27\n\nSection 5(a)(5) \t Information or Assistance Refused . ................................. None\n\nSection 5(a)(6) \t Listing of Audit Reports .......................................................... 28\n\nSection 5(a)(7) \t Summary of Significant Reports ...........................11-16, 20-25\n\nSection 5(a)(8) \t Audit Reports \xe2\x80\x94 Questioned Costs ..................................... 30\n\nSection 5(a)(9) \t Audit Reports \xe2\x80\x94 Funds Put to Better Use ............................ 31\n\nSection 5(a)(10) \t Audit Reports Issued Before Commencement\n\t                  of the Reporting Period for Which No\n\t                  Management Decision Has Been Made ................................ 32\n\nSection 5(a)(11) \t Significant Revised Management Decisions .................... None\n\nSection 5(a)(12) \t Significant Management Decisions With\n\t                  Which OIG Disagreed ........................................................ None\n\n\n\n\n                                                                                                               35\n                                                                                       October 1, 2007 \xe2\x80\x93 March 31, 2008\n\x0c36\nNRC OIG Semiannual Report\n\x0c\x0c\x0c'